Proceedings of the XXth Conference of Open Innovations Association FRUCT (Apr 2024)
Base of Models of the Information Security Risks Assessment System
Abstract
Background: New technologies, global computerization, and cloud computing provide new risks to modern enterprises' information environments. It takes an effective information security risk management system to balance user data accessibility with data security. Objective: The aim is to investigate the development of a human-machine information technology for risk assessment, which is critical to a company's information security risk management system. Despite the real-world obstacles of risk assessment decision-making, the emphasis is on assuring systematic risk assessment and the dependability of the implementation process. Methods: The study employs current risk management methodology, decision support systems, and expert assessment methods. It also looks at worldwide standardization initiatives, existing risk management systems, procedures, and the responsibilities of expert evaluations. Furthermore, numerous techniques, models, and methodologies of individual risk assessment components are examined. Results: The study emphasizes the dominating importance of the "human factor" in risk management systems, particularly the issues associated with the complexity of analysis and the need for large resources. Tools that improve the systematization, formalization, and standardization of assessment procedures are required. To enhance risk management, the study underlines the need of shifting to information technology based on current decision support systems. Conclusion: This article adds to our knowledge of how to use information technology for risk assessment inside a risk management system. Integrating systemically integrated model bases and exploiting the capabilities of current decision support systems may give a more efficient, systematic, and dependable way to addressing information security threats.
Keywords
